Verify the C2PA manifest of an asset

Analyzes a digital asset to find, validate, and report on any embedded C2PA manifests. This allows you to confirm the asset's provenance, authenticity, and processing history.

The asset is processed using memory-efficient streaming to temporary storage during verification. Returns detailed validation results including trust status, signer information, and any validation failures.

POST /v1/verify

x-api-key: <token>

API Key provided by Que. Obtain your key from the developer dashboard.

In: header

The asset to verify, report detail level, and optional verification parameters.

asset: AssetRefDto

A reference to a digital asset, either stored in S3 or accessible via URL. Files are streamed efficiently to temporary storage during processing to minimize memory usage.

An asset located in an S3 bucket that the Que service has access to. The service will stream the file from S3 to temporary storage during processing.

bucket: string

The name of the S3 bucket.

key: string

The object key (path) within the S3 bucket.

An asset accessible via HTTP/HTTPS URL. The URL must be enabled via the ALLOW_URL_ASSETS environment variable. The service will stream the file to temporary storage during processing.

url: string

The HTTP/HTTPS URL of the asset. Must be publicly accessible.

Format: uri

mode?: string

The level of detail to return in the verification report.

  • summary: A high-level pass/fail result with basic trust status. Fastest option for simple validation.
  • info: Basic information about the manifest, claims, and signing entities.
  • detailed: Comprehensive details of all assertions, claims, signatures, and validation steps.
  • tree: Hierarchical view of the manifest's ingredient relationships and provenance chain.
Default: "summary"

allow_remote_manifests?: boolean

Whether to allow fetching and validating remote manifests referenced in the asset's C2PA data.

Default: false

allow_insecure_remote_http?: boolean

Whether to allow HTTP (non-HTTPS) URLs when fetching remote manifest resources. Disabled by default for security.

Default: false

include_certificates?: boolean

Whether to include full certificate chains and cryptographic details in the verification report.

Default: false

cawg?: CawgVerifyDto

Options controlling CAWG identity validation behavior during verification.

limits?: LimitsDto

Optional limits for processing operations to prevent resource exhaustion. These limits apply to the streaming and processing phases of asset handling.

Response Body

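// Request body: an S3 asset reference and the report detail level.
const body = JSON.stringify({
  "asset": {
    "bucket": "que-assets-dev",
    "key": "uploads/photo.jpg"
  },
  "mode": "summary"
})

fetch("https://dev-api.addque.org/v1/verify", {
  method: "POST",
  headers: {
    "Content-Type": "application/json",
    // The API key is sent in the x-api-key header; without it the call returns 401.
    "x-api-key": "<token>"
  },
  body
})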

{
  "report": {
    "validationStatus": [
      {
        "code": "claim.signature.validated",
        "explanation": "Claim signature validated"
      }
    ],
    "summary": {
      "isTrusted": true,
      "signer": "CN=Que Signing Service"
    }
  }
}

{
  "type": "about:blank",
  "title": "bad_request",
  "status": 400,
  "code": "bad_request",
  "detail": "manifest_json is required when mode=server_measure"
}

{
  "type": "about:blank",
  "title": "unauthorized",
  "status": 401,
  "code": "unauthorized",
  "detail": "invalid API key"
}

{
  "type": "about:blank",
  "title": "forbidden",
  "status": 403,
  "code": "forbidden",
  "detail": "you do not have permission to perform this action"
}

{
  "type": "about:blank",
  "title": "verification failed",
  "status": 422,
  "code": "engine_verification",
  "detail": "verification failed"
}

{
  "type": "about:blank",
  "title": "rate_limited",
  "status": 429,
  "code": "rate_limited",
  "detail": "try again in 5000 ms",
  "details": {
    "try_again_in_ms": 5000
  }
}

{
  "type": "about:blank",
  "title": "internal_error",
  "status": 500,
  "code": "internal_error",
  "detail": "unexpected panic in verification engine"
}
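The request options and response shapes documented above can be combined into a fail-closed client wrapper; the following is an added example, not Que's own client code. The function names, the HTTPS-only check on asset URLs, and the 1000 ms fallback retry delay are assumptions made for illustration.

```javascript
// Added example: hypothetical helpers around POST /v1/verify.
const VERIFY_URL = "https://dev-api.addque.org/v1/verify"; // host taken from the page's sample

// Build the request with the risky options pinned to their documented
// defaults (false) instead of relying on the server to apply them.
function buildVerifyRequest(apiKey, asset, mode = "summary") {
  const isS3 = typeof asset.bucket === "string" && typeof asset.key === "string";
  const isUrl = typeof asset.url === "string";
  if (isS3 === isUrl) throw new Error("asset must be exactly one of {bucket,key} or {url}");
  if (isUrl && !asset.url.startsWith("https://")) {
    throw new Error("refusing non-HTTPS asset URL"); // local policy (assumption), stricter than the API
  }
  if (!["summary", "info", "detailed", "tree"].includes(mode)) throw new Error("unknown mode");
  return {
    url: VERIFY_URL,
    init: {
      method: "POST",
      headers: { "Content-Type": "application/json", "x-api-key": apiKey },
      body: JSON.stringify({
        asset: isS3 ? { bucket: asset.bucket, key: asset.key } : { url: asset.url },
        mode,
        allow_remote_manifests: false,
        allow_insecure_remote_http: false,
      }),
    },
  };
}

// Map an HTTP status and parsed JSON body to a fail-closed decision.
function classifyVerifyResponse(status, body) {
  if (status === 200) {
    const codes = (body?.report?.validationStatus ?? []).map((s) => s.code);
    // Only a literal `true` counts; a missing or non-boolean field is untrusted.
    const trusted = body?.report?.summary?.isTrusted === true;
    return { decision: trusted ? "trusted" : "untrusted", codes };
  }
  if (status === 422) return { decision: "untrusted", codes: [body?.code] };
  if (status === 429) {
    const ms = Number(body?.details?.try_again_in_ms);
    // Fall back to 1000 ms (assumption) when the hint is missing or invalid.
    return { decision: "retry", retryAfterMs: Number.isFinite(ms) && ms > 0 ? ms : 1000 };
  }
  // 400/401/403/500 are caller or service errors, never a trust verdict.
  return { decision: "error", codes: [body?.code ?? "unknown"] };
}
```

Pass `req.url` and `req.init` to `fetch`, then give `res.status` and the parsed JSON body to `classifyVerifyResponse`; only a `"trusted"` decision should let the asset through.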